TyphoonCon 2024 early bird ticket are now on sale!

submitted by /u/Straight-Zombie-646
[link] [comments]

ExecIT: Evasive DLL-Based Shellcode Loader

submitted by /u/florilsk
[link] [comments]

NMAP-formatter: convert NMAP results to HTML, CSV, JSON, graphviz (dot), SQLite

submitted by /u/netsec_burn
[link] [comments]

CSIRT-CTI - Stately Taurus Targets Myanmar Amidst Concerns over Military Junta’s Handling of Rebel Attacks

submitted by /u/0x5h4un
[link] [comments]

23andMe Failed to Detect Account Intrusions for Months

Plus: North Korean hackers get into generative AI, a phone surveillance tool that can monitor billions of devices gets exposed, and ambient light sensors pose a new privacy risk.

Building a password cracker in 2024 [Deep Dive]

submitted by /u/hpo1n7
[link] [comments]

Police Arrest Teen Said to Be Linked to Hundreds of Swatting Attacks

A California teenager who allegedly used the handle Torswats to carry out a nationwide swatting campaign is being extradited to Florida to face felony charges, WIRED has learned.

The Pentagon Tried to Hide That It Bought Americans’ Data Without a Warrant

US spy agencies purchased Americans’ phone location data and internet metadata without a warrant but only admitted it after a US senator blocked the appointment of a new NSA director.

How I hacked chess.com

submitted by /u/J_ake20o4
[link] [comments]

AsyncRAT config decryption using CyberChef - Recipe 0x2 - Securityinbits

submitted by /u/securityinbits
[link] [comments]

CVE-2024-23897 Jenkins CLI PoC

submitted by /u/gquere
[link] [comments]

Big-Name Targets Push Midnight Blizzard Hacking Spree Back Into the Limelight

Newly disclosed breaches of Microsoft and Hewlett-Packard Enterprise highlight the persistent threat posed by Midnight Blizzard, a notorious Russian cyber-espionage group.

AI-exploits: Triton Inference Server RCE exploit

submitted by /u/FlyingTriangle
[link] [comments]

We build X.509 chains so you don’t have to

submitted by /u/yossarian_flew_away
[link] [comments]

New Zyxel RCE Vulnerability allows remote attackes execute commands as root!

submitted by /u/Straight-Zombie-646
[link] [comments]

How a Group of Israel-Linked Hackers Has Pushed the Limits of Cyberwar

From repeatedly crippling thousands of gas stations to setting a steel mill on fire, Predatory Sparrow’s offensive hacking has now targeted Iranians with some of history's most aggressive cyberattacks.

Shipping your Private Key - CVE-2023-43870, Paxton do a Lenovo.

submitted by /u/craigsblackie
[link] [comments]

*nix libX11: Uncovering and exploiting a 35-year-old vulnerability – Part 2 of 2

submitted by /u/SRMish3
[link] [comments]

Pwning a DLP solution: CVE-2024-22107 & CVE-2024-22108

submitted by /u/gid0rah
[link] [comments]

Ring Will Stop Giving Cops a Free Pass on Warrantless Video Requests

The Amazon-owned home surveillance company says it is shuttering a feature in its Neighbors app that allows police to request footage from users. But it’s not shutting out the cops entirely.

Methodology - Security Research: How we discovered over 18,000 API secret tokens & $20M in Stripe tokens

submitted by /u/AlarmingApartment236
[link] [comments]

Notorious Spyware Maker NSO Group Is Quietly Plotting a Comeback

NSO Group, creator of the infamous Pegasus spyware, is spending millions on lobbying in Washington while taking advantage of the crisis in Gaza to paint itself as essential for global security.

Kubernetes Scheduling And Secure Design

submitted by /u/nibblesec
[link] [comments]

15 MCQ questions for practice related to security

submitted by /u/eren_rndm
[link] [comments]

Improving LLM Security Against Prompt Injection: AppSec Guidance For Pentesters and Developers

submitted by /u/907jessejones
[link] [comments]

HP CEO Says They Brick Printers That Use Third-Party Ink Because of … Hackers

The company says it wants to protect you from “viruses.” Experts are skeptical.

CVE-2024-0204: Fortra GoAnywhere MFT Authentication Bypass Deep-Dive, IOCs, and Exploit

submitted by /u/scopedsecurity
[link] [comments]

Windows - Data Protection API - A journey into various DPAPI potential abuses from an offensive security perspective

submitted by /u/clod81
[link] [comments]

A recent analysis of the Cactus Ransomware

submitted by /u/ShadowStackRE
[link] [comments]

Export Controls: Explained

submitted by /u/zolakrystie
[link] [comments]

Typhooncon 2024 has less than 2 weeks left for CFT submissions. Don't miss out!

submitted by /u/Straight-Zombie-646
[link] [comments]

Exploiting 0-click Android Bluetooth vulnerability to inject keystrokes without pairing (CVE-2023-45866)

submitted by /u/barakadua131
[link] [comments]

[VNCERT/CC] CVE-2023-22527 realworld poc The original PoC: payload is length limited Solution: 1. Write the script file in parts 2. Run the script

submitted by /u/arleth94
[link] [comments]

Many CVE Records Are Listing the Wrong Versions of Software as Being Affected

submitted by /u/PluginVulns
[link] [comments]

Apple iOS 17.3: How to Turn on iPhone's New Stolen Device Protection

Apple’s iOS 17.3 introduces Stolen Device Protection to iPhones, which could stop phone thieves from taking over your accounts. Here’s how to enable it right now.

EC2 Privilege Escalation Through User Data

submitted by /u/RedTermSession
[link] [comments]

How a vulnerability in WifiKey's AC Gateway allows remote attackers to trigger a pre-auth RCE

submitted by /u/SSDisclosure
[link] [comments]

Vulnerability in Gambio pertains to an insecure deserialization flaw, which ultimately allows an attacker to execute remote code on affected systems.

submitted by /u/usdAG
[link] [comments]

Cops Used DNA to Predict a Suspect’s Face—and Tried to Run Facial Recognition on It

Police around the US say they're justified to run DNA-generated 3D models of faces through facial recognition tools to help crack cold cases. Everyone but the cops thinks that’s a bad idea.

Domain Escalation – Backup Operator

submitted by /u/netbiosX
[link] [comments]

AsyncRAT: Config Decryption Techniques and Salt Analysis - Securityinbits

submitted by /u/securityinbits
[link] [comments]

Just released v10.1 of scanme a go package for scanning private and public IPs for open TCP ports 👁️ - it would be great to have some feedback from you pros, thanks in advance for any contribution!

submitted by /u/Technical_Shelter621
[link] [comments]

Fujitsu Bugs That Sent Innocent People to Prison Were Known ‘From the Start’

Software flaws were allegedly hidden from lawyers of wrongly convicted UK postal workers.

LogBoost - A tool for parsing and enriching IP addresses in any type of log/file with GEO, DNS, OSINT IOCs and ASN context

submitted by /u/panscanner
[link] [comments]

US Agencies Urged to Patch Ivanti VPNs That Are Actively Being Hacked

Plus: Microsoft says attackers accessed employee emails, Walmart fails to stop gift card fraud, “pig butchering” scams fuel violence in Myanmar, and more.

Technical Deepdive of the Okta HAR Breach Incident

submitted by /u/Or1rez
[link] [comments]

Taking over WhatsApp accounts by reading voicemails

submitted by /u/AffectionateOrchid10
[link] [comments]

How to Opt Out of Comcast’s Xfinity Storing Your Sensitive Data

One of America’s largest internet providers may collect data about your political beliefs, race, and sexual orientation to serve personalized ads.

npm Package Found Delivering RAT Through Signed Microsoft Executable

submitted by /u/louis11
[link] [comments]

High Signal Detection and Exploitation of Ivanti's Pulse Connect Secure Auth Bypass & RCE

submitted by /u/Mempodipper
[link] [comments]

How Praetorian Discovered a Critical TensorFlow Supply Chain Attack

submitted by /u/cyberforce218
[link] [comments]

Outlook Vulnerability Discovery and New Ways to Leak NTLM Hashes

submitted by /u/lohacker0
[link] [comments]

‘Stablecoins’ Enabled $40 Billion in Crypto Crime Since 2022

A new report from Chainalysis finds that stablecoins like Tether, tied to the value of the US dollar, were used in the vast majority of crypto-based scam transactions and sanctions evasion in 2023.

Deceptive Deprecation: The Truth About npm Deprecated Packages

submitted by /u/ilay789
[link] [comments]

TensorFlow CI/CD Flaw Exposed Supply Chain to Poisoning Attacks

Continuous integration and continuous delivery (CI/CD) misconfigurations discovered in the open-source TensorFlow machine learning framework could have been exploited to orchestrate supply chain attacks. The misconfigurations could be abused by an attacker to "conduct a supply chain compromise of TensorFlow releases on GitHub and PyPi by compromising TensorFlow's build agents via

The Second Wednesday Of The First Month Of Every Quarter: Juniper 0day Revisited - watchTowr Labs

submitted by /u/dx7r__
[link] [comments]

libX11: Uncovering and exploiting a 35-year-old vulnerability – Part 1 of 2

submitted by /u/SRMish3
[link] [comments]

Hacking into a Toyota/Eicher Motors insurance company by exploiting their premium calculator website

submitted by /u/EatonZ
[link] [comments]

How a 27-Year-Old Codebreaker Busted the Myth of Bitcoin’s Anonymity

Once, drug dealers and money launderers saw cryptocurrency as perfectly untraceable. Then a grad student named Sarah Meiklejohn proved them all wrong—and set the stage for a decade-long crackdown.

A Flaw in Millions of Apple, AMD, and Qualcomm GPUs Could Expose AI Data

Patching every device affected by the LeftoverLocals vulnerability—which includes some iPhones, iPads, and Macs—may prove difficult.